Use case

Send a notification when there is no login activity (threshold count < 1) from a particular department, say "Accounts", checked every day. The department's login activity is identified by a particular range of IP addresses in the field named "srcIp".

     

Notification Types:  Email


User Inputs

The image below shows the settings used to set up this alert in Skedler-Alerts.


Notification received via Email


Hi,

Alert has been triggered for alert No Login Activity on Tue May 01,2018 10:00:00 IST


Alert Condition:

Rule Type: Flat Line, Keyword Filter: * - select * from .data* where srcIp must > 10.200.1.3 and srcIp must < 10.200.1.49 and where timeWindow between Mon Apr 30,2018 10:00:00 IST - Tue May 01,2018 10:00:00 IST having count < 1


TimeWindow:

Mon Apr 30,2018 10:00:00 IST - Tue May 01,2018 10:00:00 IST


Matching Records:

No Payload Result / Aggregation Result found

http://guidanzadmin:3001/skedler-alerts/alertdetails?alertId=No%20Login%20Activity&alertname=No%20Login%20Activity&triggered_time=2018-05-01T04:30:30.000Z


Thanks


Notification received via email attachment


[
  {
    "payload_result1": {
      "total": 0,
      "max_score": null,
      "hits": []
    },
    "aggregations_result1": {
      "count": {
        "value": 0
      }
    }
  }
]
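
The flat-line condition from the alert above (count < 1 for srcIp strictly between 10.200.1.3 and 10.200.1.49 over the 24-hour window), as an added Python example; it is not Skedler-Alerts code. The function names, the record layout with a `timestamp` field, the half-open time window and the sample events are assumptions.

```python
from datetime import datetime, timedelta, timezone
from ipaddress import ip_address

IST = timezone(timedelta(hours=5, minutes=30))
# Bounds and threshold from the alert condition in the email above.
LOW, HIGH = ip_address("10.200.1.3"), ip_address("10.200.1.49")
THRESHOLD = 1


def in_department_range(src_ip):
    """True when srcIp is strictly between LOW and HIGH (both bounds excluded)."""
    try:
        ip = ip_address(src_ip)
    except ValueError:
        return False  # a malformed srcIp never counts as a login
    # Numeric comparison; as plain strings "10.200.1.5" sorts after "10.200.1.49".
    return ip.version == 4 and LOW < ip < HIGH


def flat_line_alert(events, start, end):
    """Return (triggered, count) for events with start <= timestamp < end."""
    count = sum(
        1 for e in events
        if start <= e["timestamp"] < end and in_department_range(e.get("srcIp"))
    )
    return count < THRESHOLD, count


# Time window from the email above.
WINDOW_END = datetime(2018, 5, 1, 10, 0, tzinfo=IST)
WINDOW_START = WINDOW_END - timedelta(days=1)

# Constructed sample records (hypothetical, not from the page).
SAMPLE_EVENTS = [
    {"timestamp": datetime(2018, 4, 30, 12, 0, tzinfo=IST), "srcIp": "10.200.1.3"},   # on the bound
    {"timestamp": datetime(2018, 4, 30, 13, 0, tzinfo=IST), "srcIp": "10.200.1.60"},  # other range
    {"timestamp": datetime(2018, 4, 29, 9, 0, tzinfo=IST), "srcIp": "10.200.1.5"},    # before window
    {"timestamp": datetime(2018, 4, 30, 14, 0, tzinfo=IST), "srcIp": "not-an-ip"},    # malformed
]

if __name__ == "__main__":
    print(flat_line_alert(SAMPLE_EVENTS, WINDOW_START, WINDOW_END))  # (True, 0)
```

None of the constructed records counts as a login from the range, so the alert triggers with a count of 0, matching the empty result in the attachment above.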